SECOPS 3: Incident Analysis in a Threat Centric SOC Flashcards

Flashcards in SECOPS 3: Incident Analysis in a Threat Centric SOC Deck (20)
1

Kill Chain steps

Recon
Weaponization
Delivery
Exploitation
Installation
C2
Actions on Objectives

2

What is a kill chain?

Process of an attacker building a plan to effect a specific goal against a target

3

Weaponization

Development of a cyber weapon based on recon of a target

4

Delivery

Transmission of payload via communication vector

5

Exploitation

Executing the malicious code.

Results in access to the target system.

6

3 Typical system weaknesses

Apps, OS, Users

7

Installation phase

Establish persistence/back door

8

C2 Phase

Exploited hosts beacon to the C2 server.

9

Actions on objectives

Objective-dependent actions taken by the attacker.

(The point of the whole thing)

10

Recon mitigation

NGFW, NGIPS

11

Weaponization mitigation

Threat Intelligence

12

Delivery Mitigation

DNS, Email, Web Security, NGIPS

13

Exploit mitigation

Network Anti-Malware, NGFW, NGIPS

14

Installation mitigation

Host Anti-Malware

15

C2 Mitigation

DNS Security, Web Security, NGIPS

16

Actions on Objectives mitigation

Flow analytics

17

Diamond model nodes

Capability, Infrastructure, Adversary, Victim

18

Diamond model Type 1 infrastructure

Owned by adversary

19

Diamond model Type 2 infrastructure

Co-opted by adversary

20

Diamond model meta-features (6)

Timestamp
Phase
Result
Direction
Methodology
Resources